Messages - Celay

#1
Hello, I am trying to set up an IPsec VPN for one of our service providers. The provider needs a D-NAT as there are already other tunnels using my local network (192.168.1.1/24). I am not exactly sure what needs to be configured; this is the current setup:

WatchGuard Phase 2 configuration, each entry is its own Phase 2 entry:
Local 192.168.251.1 - Remote 192.168.254.128
Local 192.168.251.1 - Remote 192.168.254.129
Local 192.168.251.1 - Remote 192.168.254.130
Local 192.168.251.1 - Remote 192.168.254.131

OPNsense Phase 2 configuration, each entry is its own Phase 2 entry:
Local 192.168.254.128 - Remote 192.168.251.1/24
Local 192.168.254.129 - Remote 192.168.251.1/24
Local 192.168.254.130 - Remote 192.168.251.1/24
Local 192.168.254.131 - Remote 192.168.251.1/24

I created a port forward for all the addresses:
192.168.254.128 - 192.168.1.128
192.168.254.129 - 192.168.1.129
192.168.254.130 - 192.168.1.130
192.168.254.131 - 192.168.1.131


But we get the following error:

2024-06-17T15:55:28   Informational   charon   12[IKE] <con3|5> failed to establish CHILD_SA, keeping IKE_SA   
2024-06-17T15:55:28   Informational   charon   12[IKE] <con3|5> received TS_UNACCEPTABLE notify, no CHILD_SA built   
2024-06-17T15:55:28   Informational   charon   12[ENC] <con3|5> parsed CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]

I am not exactly sure if that is a Phase 2 error or some firewall/nat problem, does someone have an idea?

Thanks in advance
Celay
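
Added example, not part of the original post: TS_UNACCEPTABLE is the IKEv2 notification a peer sends when it accepts none of the proposed traffic selectors, so this Python check compares the Phase 2 entries listed above on both sides and reports pairs that are not exact mirrors. It assumes an address written without a prefix length is a single host (/32) and that the entries pair up in the order listed; whether a peer accepts a wider or narrower selector than its own depends on the device.

```python
import ipaddress

# Phase 2 entries as listed in the post: (local, remote) on each side.
WATCHGUARD = [("192.168.251.1", f"192.168.254.{h}") for h in range(128, 132)]
OPNSENSE = [(f"192.168.254.{h}", "192.168.251.1/24") for h in range(128, 132)]


def to_net(text):
    """Parse a selector. Assumption: no prefix length means one host (/32)."""
    return ipaddress.ip_network(text, strict=False)


def compare_selectors(side_a, side_b):
    """Pair entry i of side_a with entry i of side_b.

    For a mirrored tunnel, A's local must equal B's remote and A's remote
    must equal B's local. Returns a list of (index, status, problems).
    """
    results = []
    for i, ((a_loc, a_rem), (b_loc, b_rem)) in enumerate(zip(side_a, side_b)):
        problems = []
        checks = (("A local / B remote", a_loc, b_rem),
                  ("A remote / B local", a_rem, b_loc))
        for label, mine, theirs in checks:
            m, t = to_net(mine), to_net(theirs)
            if m == t:
                continue
            if m.subnet_of(t) or t.subnet_of(m):
                problems.append(f"{label}: {m} vs {t} (overlap, different size)")
            else:
                problems.append(f"{label}: {m} vs {t} (disjoint)")
        results.append((i, "mismatch" if problems else "match", problems))
    return results


if __name__ == "__main__":
    for idx, status, problems in compare_selectors(WATCHGUARD, OPNSENSE):
        print(f"entry {idx + 1}: {status}")
        for p in problems:
            print("   ", p)
```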